azure-postgres

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
Full Analysis
  • Administrative Script Functionality: The skill includes various shell scripts designed to automate the setup of database roles and permissions. These scripts handle environment-specific parameters such as resource names and user identities to facilitate administrative tasks.
      • Evidence: Scripts in the scripts/ directory, such as setup-user.sh and setup-managed-identity.sh, interpolate variables into Azure CLI (az) and PostgreSQL (psql) commands.
  • Official SDK Integration: The documentation guides developers toward using official, verified libraries for authentication and database connectivity.
      • Evidence: References to azure-identity for Python, @azure/identity for Node.js, and Azure.ResourceManager.PostgreSql for .NET, which are official Microsoft-maintained packages.
  • Secure Authentication Workflow: The skill implements industry-standard security patterns by utilizing short-lived access tokens for database connections rather than persistent credentials.
      • Evidence: Implementation of az account get-access-token within connection scripts to retrieve temporary authentication tokens for use with the PostgreSQL client.
  • Indirect Prompt Injection Surface: The setup scripts ingest user-provided data such as resource names and user principal names, which are subsequently used in command execution contexts.
      • Ingestion points: Parameters like <resource-group>, <server-name>, and <user-upn> accepted by the scripts in the scripts/ folder.
      • Boundary markers: No explicit boundary markers are present within the bash scripts to isolate these parameters from the command context.
      • Capability inventory: The scripts possess the capability to manage Azure resources via the az CLI and execute database role/permission changes via psql.
      • Sanitization: The scripts include some basic escaping for group names containing spaces, though they primarily rely on the validity of the parameters provided during the setup process.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 11:32 PM